From owner-freebsd-security Thu Aug 15 9: 8:15 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5014137B41E for ; Thu, 15 Aug 2002 09:08:10 -0700 (PDT) Received: from daemon.cyberdoom.org (ip212-226-145-19.adsl.kpnqwest.fi [212.226.145.19]) by mx1.FreeBSD.org (Postfix) with SMTP id 5C1F143E8A for ; Thu, 15 Aug 2002 09:07:04 -0700 (PDT) (envelope-from dan.airinen@cyberdoom.org) Received: (qmail 7969 invoked by uid 1005); 15 Aug 2002 16:05:49 -0000 Received: from localhost (127.0.0.1) by 0 with SMTP; 15 Aug 2002 16:05:46 -0000 Date: Thu, 15 Aug 2002 19:05:46 +0300 (EEST) From: Dan Airinen X-X-Sender: dan@daemon.cyberdoom.org To: Philip Paeps Cc: security@freebsd.org Subject: Re: Chroot environment for ssh In-Reply-To: <20020815134341.GO1144@juno.paeps.cx> Message-ID: <20020815190221.M7905-100000@daemon.cyberdoom.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi Philip, You could give a try to http://chrootssh.sourceforge.net/ -------------------------------- Dan Airinen System Administrator Email: dan.airinen@cyberdoom.org -------------------------------- "Qvid me anxivs svm?" On Thu, 15 Aug 2002, Philip Paeps wrote: > Hi guys - > > I'm in the process of setting up a form of fileserver, and I'd like for my > users to be able to work only in their home directories, not anywhere else. I > would like to use SSH for the connections, as opposed to FTP, but I don't want > users to be able to log into an interactive shell (only SCP/SFTP) and I don't > want them to 'escape' out of their home directories. > > Anyone have any ideas on how I'd go about doing this? I've been fiddling with > chrsh (a 'chroot shell') but it's not really what I want. > > (I was debating with myself whether to post this on -questions of -security, I > hope I chose wisely in the end). > > Thanks! > > - Philip > > -- > Philip Paeps > philip@paeps.cx > http://www.paeps.cx/ > > +32 486 114 720 > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message